From 90d5bc8de7eba8dffd2ecbfd20a1f1379b8b2c71 Mon Sep 17 00:00:00 2001
From: Uli
Date: Thu, 5 May 2022 17:48:45 +0200
Subject: [PATCH] Allow the . (dot) and @ (at) character in usernames (#637)
Co-authored-by: Uli Koeth
---
 .../java/com/sismics/rest/util/ValidationUtil.java | 8 ++++++++
 .../com/sismics/docs/rest/resource/GroupResource.java | 2 +-
 .../com/sismics/docs/rest/resource/UserResource.java | 10 +++++-----
 .../webapp/src/partial/docs/settings.user.edit.html | 4 ++--
 4 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java b/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java
index c2054043..56b96e63 100644
--- a/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java
+++ b/docs-web-common/src/main/java/com/sismics/rest/util/ValidationUtil.java
@@ -21,6 +21,8 @@ public class ValidationUtil {
 private static Pattern ALPHANUMERIC_PATTERN = Pattern.compile("[a-zA-Z0-9_]+");
+ private static Pattern USERNAME_PATTERN = Pattern.compile("[a-zA-Z0-9_@\\.]+");
+
 /**
 * Checks that the argument is not null.
 *
@@ -152,6 +154,12 @@ public class ValidationUtil {
 }
 }
+ public static void validateUsernamepattern(String s, String name) throws ClientException {
+ if (!USERNAME_PATTERN.matcher(s).matches()) {
+ throw new ClientException("ValidationError", MessageFormat.format("{0} must have only alphanumeric, underscore characters or @ and .", name));
+ }
+ }
+
 public static void validateRegex(String s, String name, String regex) throws ClientException {
 if (!Pattern.compile(regex).matcher(s).matches()) {
 throw new ClientException("ValidationError", MessageFormat.format("{0} must match {1}", name, regex));
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
index da2d2a60..7f71ede2 100644
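Review bot: The username character class introduced in `USERNAME_PATTERN` is typed out again in five `@Path` templates later in this patch (`GroupResource.removeMember` and `UserResource.update`, `delete`, `disableTotpUsername`, `view`), so the registration check and the routes can drift apart. If they ever diverge, an account could be created that the delete or `disable_totp` routes no longer match. A single compile-time constant would keep them in step: `public static final String USERNAME_REGEX = "[a-zA-Z0-9_@.]+";`, then `Pattern.compile(USERNAME_REGEX)` here and `@Path("{username: " + ValidationUtil.USERNAME_REGEX + "}")` in the resources. The field could also be declared `final`, and the `\\.` escape is not needed inside a character class.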
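Review bot: `validateUsernamepattern` accepts a name made up only of `.` and `@`, because every position may be any member of the class; with the 3–50 length check visible in `UserResource`, a value such as `...` would pass. Since the username is also used as a URL path segment in the `@Path` templates of this patch, requiring a leading letter, digit or underscore is the safer rule: `Pattern.compile("[a-zA-Z0-9_][a-zA-Z0-9_@.]*")`. The method has no Javadoc, unlike the not-null check shown in the first hunk, and its name breaks the camelCase used by `validateRegex`; `validateUsernamePattern` with `/** Checks that the argument contains only letters, digits, underscore, @ and dot. */` would fit the file. The class body continues outside the hunk.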
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/GroupResource.java
@@ -313,7 +313,7 @@ public class GroupResource extends BaseResource {
 * @return Response
 */
 @DELETE
- @Path("{groupName: [a-zA-Z0-9_]+}/{username: [a-zA-Z0-9_]+}")
+ @Path("{groupName: [a-zA-Z0-9_]+}/{username: [a-zA-Z0-9_@\\.]+}")
 public Response removeMember(@PathParam("groupName") String groupName,
 @PathParam("username") String username) {
 if (!authenticate()) {
diff --git a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
index 4874cece..4878d7f7 100644
--- a/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
+++ b/docs-web/src/main/java/com/sismics/docs/rest/resource/UserResource.java
@@ -88,7 +88,7 @@ public class UserResource extends BaseResource {
 // Validate the input data
 username = ValidationUtil.validateLength(username, "username", 3, 50);
- ValidationUtil.validateAlphanumeric(username, "username");
+ ValidationUtil.validateUsernamepattern(username, "username");
 password = ValidationUtil.validateLength(password, "password", 8, 50);
 email = ValidationUtil.validateLength(email, "email", 1, 100);
 Long storageQuota = ValidationUtil.validateLong(storageQuotaStr, "storage_quota");
@@ -195,7 +195,7 @@ public class UserResource extends BaseResource {
 * @return Response
 */
 @POST
- @Path("{username: [a-zA-Z0-9_]+}")
+ @Path("{username: [a-zA-Z0-9_@\\.]+}")
 public Response update(
 @PathParam("username") String username,
 @FormParam("password") String password,
@@ -511,7 +511,7 @@ public class UserResource extends BaseResource {
 * @return Response
 */
 @DELETE
- @Path("{username: [a-zA-Z0-9_]+}")
+ @Path("{username: [a-zA-Z0-9_@\\.]+}")
 public Response delete(@PathParam("username") String username) {
 if (!authenticate()) {
 throw new ForbiddenClientException();
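Review bot: A username accepted by the new `validateUsernamepattern` call in the `@@ -88,7` hunk can be identical to another account's e-mail address, and nothing in this block checks for that; the `email` field next to it is validated for length only (`validateLength(email, "email", 1, 100)`). That becomes an impersonation risk if any lookup elsewhere (login, password reset, directory sync) accepts either identifier. That code is not visible in this patch, so it needs confirming. I would at least record the invariant beside the call: `// Usernames may look like e-mail addresses; never resolve an account by "username or e-mail" interchangeably.` The enclosing method starts and ends outside the hunk.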
@@ -591,7 +591,7 @@ public class UserResource extends BaseResource {
 * @return Response
 */
 @POST
- @Path("{username: [a-zA-Z0-9_]+}/disable_totp")
+ @Path("{username: [a-zA-Z0-9_@\\.]+}/disable_totp")
 public Response disableTotpUsername(@PathParam("username") String username) {
 if (!authenticate()) {
 throw new ForbiddenClientException();
@@ -713,7 +713,7 @@ public class UserResource extends BaseResource {
 * @return Response
 */
 @GET
- @Path("{username: [a-zA-Z0-9_]+}")
+ @Path("{username: [a-zA-Z0-9_@\\.]+}")
 @Produces(MediaType.APPLICATION_JSON)
 public Response view(@PathParam("username") String username) {
 if (!authenticate()) {
diff --git a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
index 6a227001..2cf9f6e9 100644
--- a/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
+++ b/docs-web/src/main/webapp/src/partial/docs/settings.user.edit.html
@@ -9,7 +9,7 @@
@@ -129,4 +129,4 @@
-
\ No newline at end of file
+